Ad Widget

**tim.mooney** · 08-06-2022, 17:59

I'm not familiar with 'utf8mb4_convert.sql', is that something the Zabbix developers have provided to switch to true UTF-8?

At Zabbix 5.2, the encryption for internal passwords changed from MD5 to bcrypt, see: https://blog.zabbix.com/keep-all-sec...-secure/13076/

If you examine the contents of the users.passwd field, does it appear to still be encrypted in MD5?

**RicOkteo** · 09-06-2022, 10:18

Originally posted by tim.mooney

I'm not familiar with 'utf8mb4_convert.sql', is that something the Zabbix developers have provided to switch to true UTF-8?

At Zabbix 5.2, the encryption for internal passwords changed from MD5 to bcrypt, see: https://blog.zabbix.com/keep-all-sec...-secure/13076/

If you examine the contents of the users.passwd field, does it appear to still be encrypted in MD5?

Hello,

UTF8 no longer exists, at least it is no longer compatible
My database is basically in UTF8 and I converted it to UTF8mb4 using the script provided by zabbix

2 Repairing Zabbix database character set and collation

https://www.zabbix.com/documentation/current/en/manual/appendix/install/db_charset_coll

So, indeed, my passwords are always encrypted in MD5, but when I connect with the admin account for example (after seeing manipulate the username field to repair the connection), my password changes from md5 to bcrypt
I therefore assume that still having passwords in MD5 format is not binding.

**RicOkteo** · 09-06-2022, 10:28

In the article you sent me, it says:

If Zabbix is upgraded, password rehashes automatically to use bcrypt on password change or on the first login.

**eDonkey** · 09-06-2022, 11:25

I'm currently encountering a similar problem.

After 2 days of trying to fix it, i've now created a completely new VM and installed everything from scratch.
I've exported and copied the hosts and templates from the Zabbix Server 3.0 to the new VM with Zabbix 6.0 and tried to import them; this doesn't work either though.

I'm currently stuck with the following error on the template import:

File is too big, max upload size is 2097152 bytes.

even though, the file size is around 4'000 KB.

**tim.mooney** · 09-06-2022, 20:58

Originally posted by RicOkteo

In the article you sent me, it says:

If Zabbix is upgraded, password rehashes automatically to use bcrypt on password change or on the first login.

That's correct, that should happen. I was just wondering if there might be some reason that it wasn't happening, perhaps related to some problem with the conversion script you were running.

Since you've confirmed that the password field has been converted from MD5 to the newer bcrypt format for 'Admin', it appears that the conversion process is working, and the problem you're having is something else.

**RicOkteo** · 09-06-2022, 21:13

Originally posted by eDonkey

I'm currently encountering a similar problem.

After 2 days of trying to fix it, i've now created a completely new VM and installed everything from scratch.
I've exported and copied the hosts and templates from the Zabbix Server 3.0 to the new VM with Zabbix 6.0 and tried to import them; this doesn't work either though.

I'm currently stuck with the following error on the template import:

File is too big, max upload size is 2097152 bytes.

even though, the file size is around 4'000 KB.

If you are transferring a database, you must do this before exporting:
mysql -u'zabbix' -p'password' 'zabbix' -e "set global innodb_strict_mode='OFF';"
import database
Once the import is finished
mysql -u'zabbix' -p'password' 'zabbix' -e "set global innodb_strict_mode='ON';"

On the other hand if you import / export data such as hosts, templates between the two zabbix..
you will have to be patient and recover the elements very little by little because it screams very quickly at files that are too large

**RicOkteo** · 09-06-2022, 21:19

Originally posted by tim.mooney

That's correct, that should happen. I was just wondering if there might be some reason that it wasn't happening, perhaps related to some problem with the conversion script you were running.

Since you've confirmed that the password field has been converted from MD5 to the newer bcrypt format for 'Admin', it appears that the conversion process is working, and the problem you're having is something else.

Indeed,
When I use the SQL query that the frontend does to log in with the admin account, I see the query fine
But this one does not get any value, hence the fact that it refuses me the connection
If I run the same query, I get the same thing, no value

By modifying the username value from "Admin" to "abc" for example and then putting back "Admin" afterwards, if i run sql command i get values this time ok.. and connection works fine on frontend.
So I understand that there is indeed a problem with the "username" field but I don't understand. I see the value which is equal to "admin" by modifying it with anything and then putting it back to "admin", why will it manage to read it this time?

Anyway, I do indeed have a problem with the conversion of the database, but I can't really say when, since to connect to the frontend, my database must be migrated to utf8mb4..

**RicOkteo** · 09-06-2022, 21:23

Originally posted by eDonkey

I'm currently encountering a similar problem.

After 2 days of trying to fix it, i've now created a completely new VM and installed everything from scratch.
I've exported and copied the hosts and templates from the Zabbix Server 3.0 to the new VM with Zabbix 6.0 and tried to import them; this doesn't work either though.

I'm currently stuck with the following error on the template import:

File is too big, max upload size is 2097152 bytes.

even though, the file size is around 4'000 KB.

for information, 2097152 byte is equivalent to 2048 kB
hence the fact of going little by little when recovering the different elements

**tim.mooney** · 09-06-2022, 21:35

Originally posted by RicOkteo

By modifying the username value from "Admin" to "abc" for example and then putting back "Admin" afterwards, if i run sql command i get values this time ok.. and connection works fine on frontend.
So I understand that there is indeed a problem with the "username" field but I don't understand. I see the value which is equal to "admin" by modifying it with anything and then putting it back to "admin", why will it manage to read it this time?

Anyway, I do indeed have a problem with the conversion of the database, but I can't really say when, since to connect to the frontend, my database must be migrated to utf8mb4..

My recollection was that the conversion from the MySQL/MariaDB "utf8" 3-byte BMP subset to true UTF-8 didn't need to happen at 6.0 and could be put off for some future version, but I see now that the Zabbix developers are pretty strongly recommending it happen at 6.0.x: https://www.zabbix.com/documentation...b_charset_coll

Regarding your login issue, are you actually using 'Admin' as the login name? Remember that once you change the collation so that it ends in _bin, that collates every codepoint separately, so it works somewhat like one of the "cs" (case sensitive) collations. So whether you're using utf8_bin or utf8mb4_bin as the collation for the username column in that table, the matching is now (effectively) case sensitive. You need to use 'Admin' as the login name, not 'admin'.

Also, the same case sensitivity now applies to the password field too, if the collation for that is <something>_bin.

**RicOkteo** · 10-06-2022, 16:59

Originally posted by tim.mooney

My recollection was that the conversion from the MySQL/MariaDB "utf8" 3-byte BMP subset to true UTF-8 didn't need to happen at 6.0 and could be put off for some future version, but I see now that the Zabbix developers are pretty strongly recommending it happen at 6.0.x: https://www.zabbix.com/documentation...b_charset_coll

Regarding your login issue, are you actually using 'Admin' as the login name? Remember that once you change the collation so that it ends in _bin, that collates every codepoint separately, so it works somewhat like one of the "cs" (case sensitive) collations. So whether you're using utf8_bin or utf8mb4_bin as the collation for the username column in that table, the matching is now (effectively) case sensitive. You need to use 'Admin' as the login name, not 'admin'.

Also, the same case sensitivity now applies to the password field too, if the collation for that is <something>_bin.

I just checked, my old database located on my zabbix 3.0 is in utf8 / utf8_general_ci
when importing it to my MariaDB 10.6.7, it turns into utf8mb3 / utf8mn3_general_ci (which is normal because utf8 has disappeared in favor of utf8mb3)
And then I do my table conversion from utf8mb3/utf8mb3_general_ci to utf8mb4/utf8mb4_bin

Do you think that my problems come from the fact that my old database has a collation in utf8_general_ci and not utf8_bin?

I will try to deploy a copy of this off-network server, in order to move my db from general_ci to _bin, recover the clean dump in utf8_bin, and retest my migration

**tim.mooney** · 10-06-2022, 21:27

Originally posted by RicOkteo

Do you think that my problems come from the fact that my old database has a collation in utf8_general_ci and not utf8_bin?

The "_ci" in the utf8_general_ci collation means "case insensitive", so "admin", "ADMIN", "Admin", and "AdMiN" would all be treated the same. The actual username in the database probably was "Admin", though.

Now that the collation has switched to _bin (binary), case does matter, so you must type the username (and the password) exactly as it's stored in the database.

It's not a problem that the collation used to be utf8_general_ci. It just means that now that the collation is binary you need to know whether a username was originally entered as "ric" or "Ric", and you need to type it exactly now. The same goes for the password field (it too was previously case-insensitive).

When I upgraded my site from 3.x to 4.2 and fixed up our collation throughout the database, tables, and columns, I had to get used to typing "Admin" rather than "admin" as the administrative username when logging in as the Zabbix administrative user. But I had always been typing the Admin password using the mixed case, so I didn't need to adjust my habits there.

**RicOkteo** · 13-06-2022, 09:26

Originally posted by tim.mooney

The "_ci" in the utf8_general_ci collation means "case insensitive", so "admin", "ADMIN", "Admin", and "AdMiN" would all be treated the same. The actual username in the database probably was "Admin", though.

Now that the collation has switched to _bin (binary), case does matter, so you must type the username (and the password) exactly as it's stored in the database.

It's not a problem that the collation used to be utf8_general_ci. It just means that now that the collation is binary you need to know whether a username was originally entered as "ric" or "Ric", and you need to type it exactly now. The same goes for the password field (it too was previously case-insensitive).

When I upgraded my site from 3.x to 4.2 and fixed up our collation throughout the database, tables, and columns, I had to get used to typing "Admin" rather than "admin" as the administrative username when logging in as the Zabbix administrative user. But I had always been typing the Admin password using the mixed case, so I didn't need to adjust my habits there.

Okay I see. But precisely the problems come from there, in my examples I use "Admin", but if I use an account such as "rri" (all lowercase), impossible to connect.
I am however sure that the user is written in lower case, and sure of my password
Actually, my problem is that when I try to login through the fronttend, I see the request go through to do the authentication but, the command output is empty.
And the only way I've found to fix it is to modify my user fields, for example "rri" to change it to "abc" then back to "rri"
This way, the same request that didn't work before now works and the connection to the frontend is ok
So I think it's a problem with my database. Transcription problem? bad encoding?
These are just guesses...
I really don't know where my problem is coming from.

**RicOkteo** · 15-06-2022, 17:11

UPDATE

I deployed my zabbix 3.0 server locally (nolan) and tried to migrate all my tables from utf8 utf8_general_ci to utf8 utf8_bin (it took me 22h..)

After having freshly recovered my dump in utf8_bin, I re proceeded with my tests and they are conclusive this time!
Everything works, so I had a snack problem at first sight..

But before closing this ticket, I have one last question.
My zabbix server is a production server with on-call behind.
So you understand that manipulating the server directly is quite complicated and therefore...

Is it possible to hot migrate all the tables of my database in utf8_bin without the zabbix-server crashing / without the database crashing.
While ensuring the proper collection of data from the different hosts.

Thanks in advance for your answers and thanks to tim.mooney!
I hadn't understood what exactly the "general-ci" was and your explanations helped me a lot

Ad Widget

Problem between frontend and database

Problem between frontend and database

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment